<?php

error_reporting(E_ALL);
ini_set('display_errors', '1');

echo '<pre>';

$dir = dirname(__FILE__).'/';

$counter = 1;

$_system['paths']['root'] = rtrim(str_replace("\\","/",dirname(__FILE__)),'/')."/";
$_system['paths']['document_root'] = trim(preg_replace('~\/$~isU','',$_SERVER['DOCUMENT_ROOT']),'/').'/';
$tmp = explode('/',$_SERVER['SERVER_PROTOCOL']);
$_system['paths']['server_auto'] = '//'.$_SERVER['SERVER_NAME'];
$_system['paths']['server'] = strtolower($tmp[0].':'.$_system['paths']['server_auto']);
$_system['paths']['web_relative'] = '/'.ltrim(str_ireplace($_system['paths']['document_root'],'',$_system['paths']['root']),'/'); // relative web path
$_system['paths']['web_full'] = $_system['paths']['server'].$_system['paths']['web_relative']; //full web path

$function_black_list = explode(',','_getppid, apache_child_terminate, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, cat, cd, chgrp, chmod, chown, cmd, cp, curl_multi_exec, dbase_open, dbmopen, define_syslog_variables, delete, deleted, diskfreespace, dl, edit, escapeshellarg, escapeshellcmd, eval, exec, file_upload, fp, fpassthru, fpaththru, fput, ftp_alloc, ftp_cdup, ftp_chdir, ftp_chmod, ftp_close, ftp_connect, ftp_delete, ftp_exec, ftp_fget, ftp_fput, ftp_get, ftp_get_option, ftp_login, ftp_mdtm, ftp_mkdir, ftp_nb_continue, ftp_nb_fget, ftp_nb_fput, ftp_nb_get, ftp_nb_put, ftp_nlist, ftp_pasv, ftp_put, ftp_pwd, ftp_quit, ftp_raw, ftp_rawlist, ftp_rename, ftp_rmdir, ftp_set_option, ftp_site, ftp_size, ftp_ssl_connect, ftp_systyp, fwrite, get_current_user, getenv, getmypid, getmyuid, gzinflate, highlight_file, ignore_user_abord, ini_alter, ini_get_all, ini_restore, ini_set, inject_code, leak, link, listen, ln, mv, mysql_get_client_info, mysql_list_dbs, mysql_pconnect, openlog, parse_ini_file, parse_perms, passthru, pclose, pcntl_alarm, pcntl_exec, pcntl_fork, pcntl_get_last_error, pcntl_getpriority, pcntl_setpriority, pcntl_signal, pcntl_signal_dispatch, pcntl_sigprocmask, pcntl_sigtimedwait, pcntl_sigwaitinfo, pcntl_strerror, pcntl_wait, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, pconnect, pfsockopen, pg_lo_import, phpAds_XmlRpc, phpAds_remoteInfo, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, php_uname, phpinfo, pico, popen, posix, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, rename, shell_exec, show_source, socket_accept, socket_bind, socket_clear_error, socket_close, socket_connect, socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_select, socket_strerror, source, stream_select, symlink, syslog, system, tmpfile, touch, virtual, xmlrpc_entity_decode');
foreach($function_black_list as $f ){
	if( function_exists(trim($f)) ){
		echo "WARNING: function ENABLED : $f\r\n";
		}
	}

echo "\r\n<span style=\"color:#c00;\">END OF STEP ".$counter++."</span>\r\n\r\n";


//checking file read write permission
//try to modify .htaccess
$file = $dir.'.htaccess';
echo "Permission check $file\r\n";
$data = file_get_contents($file);
echo "DATA: \r\n".htmlspecialchars(mb_substr($data,0,50))."\r\nDATA END\r\n";
if( file_put_contents($file,$data."\r\n#write success") ){
	echo "WARNING: $file is writeable\r\n";
	}
	
echo "\r\n<span style=\"color:#c00;\">END OF STEP ".$counter++."</span>\r\n\r\n";


//try to modify core php files
$file = $dir.'index.php';
echo "Permission check $file\r\n";
$data = file_get_contents($file);
echo "DATA: \r\n".htmlspecialchars(mb_substr($data,0,50))."\r\nDATA END\r\n";
if( file_put_contents($file,$data."\r\n#write success") ){
	echo "WARNING: $file is writeable\r\n";
	}
	
echo "\r\n<span style=\"color:#c00;\">END OF STEP ".$counter++."</span>\r\n\r\n";
	
//try to modify core php files
$file = $dir.'system/index.php';
echo "Permission check $file\r\n";
$data = file_get_contents($file);
echo "DATA: \r\n".htmlspecialchars(mb_substr($data,0,50))."\r\nDATA END\r\n";
if( file_put_contents($file,$data."\r\n#write success") ){
	echo "WARNING: $file is writeable\r\n";
	
	if( chmod($file,'0644') ){
		echo "WARNING: $file permission changable\r\n";
		}
	
	}
	
echo "\r\n<span style=\"color:#c00;\">END OF STEP ".$counter++."</span>\r\n\r\n";
	
//try to write new php file
$file = $dir.'test.php';
echo "Permission check $file\r\n";
$data = '<?php echo "very wrong" ?>';
if( file_put_contents($file,$data."\r\n#write success") ){
	echo "WARNING: $file is creatable\r\n";
	
	if( chmod($file,'0644') ){
		echo "WARNING: $file permission changable\r\n";
		}
	
	//try to execute the new php file
	echo "file $file execution output: \r\n";
	$data = file_get_contents($_system['paths']['web_full'].'test.php');
	echo "\r\n";
	}

echo "\r\n<span style=\"color:#c00;\">END OF STEP ".$counter++."</span>\r\n\r\n";

//try to write new php file
$file = $dir.'system/test.php';
echo "Permission check $file\r\n";
$data = '<?php echo "very wrong" ?>';
if( file_put_contents($file,$data."\r\n#write success") ){
	echo "WARNING: $file is creatable\r\n";
	
	if( chmod($file,'0644') ){
		echo "WARNING: $file permission changable\r\n";
		}
	
	//try to execute the new php file
	echo "file $file execution output: \r\n";
	$data = file_get_contents($_system['paths']['web_full'].'system/test.php');
	echo "\r\n";
	
	}
	
echo "\r\n<span style=\"color:#c00;\">END OF STEP ".$counter++."</span>\r\n\r\n";

	
//try to write new php file at uploads
$file = $dir.'contents/uploads/test.php';
echo "Permission check $file\r\n";
$data = '<?php echo "very wrong" ?>';
if( file_put_contents($file,$data."\r\n#write success") ){
	echo "WARNING: $file is creatable\r\n";
	
	if( chmod($file,'0644') ){
		echo "WARNING: $file permission changable\r\n";
		}
	
	//try to execute the new php file
	echo "file $file execution output: \r\n";
	$data = file_get_contents($_system['paths']['web_full'].'contents/uploads/test.php');
	//give permission
	echo "\r\n";
	}

echo "\r\n<span style=\"color:#c00;\">END OF STEP ".$counter++."</span>\r\n\r\n";

//try to access system directories
//try to write new php file at uploads
echo "base dir check to access system directories\r\n";
$d = dir(dirname(dirname(dirname($dir))));
while($entry = $d->read()){
	echo "$entry \r\n";
	}
echo "\r\n";
$d->close();

echo "END OF TEST\r\n\r\n";
	


	

	
	



